Author Archives: admin

VAPT India

Category : Uncategorized

Indian Cyber Security Solutions

Green Fellow IT Security Solutions PVT. LTD.

1800-123-500014 , +91-9831318312,

+91-8972107846

ISO 27001 & 9001 Certified Company

Member of NASSCOM & DSCI

ATC of EC-Council

VAPT companies in India

VAPT companies in India are what all enterprises are looking for as the surge in cyber crime is evident. VAPT companies in India have seen a huge rise in demand as attacks on the critical infrastructure of enterprises have increased. More than 3000 companies have seen a direct impact on their business revenue generation due to a lack of cyber security measures and negligence in conducting periodic VAPT audits.


Vulnerability Assessment and Penetration Testing (VAPT).

VAPT is a term often used to describe security testing that is designed to identify and help address cyber security vulnerabilities. It ranges from automated vulnerability assessments to human-led penetration testing and full-scale red team simulated cyber-attacks. Vulnerability Assessment and Penetration Testing (VAPT) covers wide-ranging services: performing security audits and providing recommendations for security disruptions, monitoring security for risk analysis, forensics and penetration testing.

Vulnerability Assessment

A Vulnerability Assessment is a comprehensive scan, using various security validations, to locate vulnerable flaws in the pre-existing code. It is limited to locating vulnerabilities; it does not reveal the impact or level of destruction that the identified flaws could cause. The assessment helps to find and quantify the risk level of critical assets and the security posture of the enterprise.

Penetration Testing

Penetration Testing is the method of exploiting the analyzed vulnerabilities, both with appropriate tools and manually by security engineers. Penetration Testing takes the flaws found in the Vulnerability Assessment and shows which particular flaws carry a higher degree of risk and can lead to a malicious attack.

Vulnerability Assessment and Penetration Testing (VA/PT)

VAPT is a combination of both VA and PT: it locates the flaws in a system, network or web-based application and measures the vulnerability of each flaw. It classifies the nature of a possible attack and raises the alarm before these flaws lead to any exploitation.



How to become a Data Scientist

Category : Blog


How to become a Data Scientist

How to become a Data Scientist is one of the most common questions in this growing 21st century. Learning data science, as a part of knowledge in today’s world, can hardly be avoided. The major reason is that a constant stream of analytic talent will be required in all industries where companies collect and use data for competitive advantage. Data science is an inter-disciplinary field that uses scientific methods, processes, algorithms and systems to extract knowledge and insights from structured and unstructured data. Data science is related to data mining, deep learning and big data. It uses techniques and theories drawn from many fields within the context of mathematics, statistics, calculus, computer science, domain knowledge and information science. Becoming a data scientist requires a significant amount of education and experience. The first step is to earn a bachelor's degree (typically in a quantitative field).

Then you can do a master's degree or a PhD (in a quantitative or perhaps scientific field). These qualifications and proper learning can make you a proper data scientist. Specializations and associated careers after learning data science include Machine Learning Scientist, Data Engineer, Data Analyst, Data Consultant, Data Architect, Applications Architect, etc. Simply put, career opportunities in this field are many, and you don’t have to worry about your future or establishing yourself. But the main idea for achieving success in any field is your fully devoted interest in and love for the subject. This will help you to keep learning, which is a grand step. Coming back to an over-simplified description, a data scientist is a professional who can work with a large amount of data and extract analytical insights. They communicate their findings to the stakeholders. Thus, companies can benefit from making the best-informed decisions to drive their business growth and profitability. It is not easy, but following it step by step can make it a much simpler task.

How to Become a Data Scientist with Online Education

How to become a Data Scientist with online education is the next question that arises in many enthusiastic and energetic minds, especially in a pandemic. One major way to obtain a data science education is through Massive Open Online Courses (MOOCs). They give students flexible timing, which makes time management easy. In addition, they minimize the investment cost, making it easier to learn and flourish in such a field. An increasing number of careers are started with online learning, and data science is no exception. With working from home becoming more popular as well, accreditation or experience gained online is regarded more highly, with new reputable avenues for achieving online learning success.

In today’s high-tech world, everyone has pressing questions that must be answered by “big data”. From businesses to non-profit organizations to government institutions, there is a seemingly infinite amount of information that can be sorted, interpreted, and applied for a wide range of purposes. This all comes down to data scientists, because there is simply too much information for the average person to process and use. So, data scientists are trained to gather, organize, and analyze data, helping people from every corner of industry and every segment of the population in each part of the world.



9 Must have skills you need to become a Data Scientist

The 9 must-have skills you need to become a Data Scientist are as follows:

Proper higher education, developed further through self-practice: building an app, starting a blog, exploring data analysis, etc.

Knowledge of the widely used programming language R.

Along with Java, Perl, C, C++ or Julia, learning Python coding and implementing it properly is highly needed.

Learning Hadoop (an open-source software framework) so that situations like accommodating a large volume of data on a system with comparatively small memory, sending data to different servers, etc. can be handled.

Knowing SQL databases; boosting knowledge in database management and coding is also a necessary step.

Having proper depth in Apache Spark, which is the most popular big data technology worldwide.

Properly learning fields like Machine Learning and Artificial Intelligence, with appropriate skills that can be implemented in the practical world.

The ability to visualize data with the aid of data visualization tools such as ggplot, d3.js, Matplotlib, and Tableau.

Ways of working with unstructured data to unravel insights that can be useful for decision making.

The non-technical skills required are Intellectual Curiosity, Business Acumen, Communication, Teamwork, etc.

Above all, learning data science is not so easy but not so tough. Yes, there are limitations in this field too, like any other. But accepting both the pros and cons, it can be concluded that a future without Data Science is impossible, and so learning it as a part of proper knowledge and education can give willing learners like you not only a settled career but also the respect of each and every individual in society.



Top 10 Secret Tips Of Social Engineering In 2020

Category : Uncategorized

Top 10 Secret Tips Of Social Engineering in 2020

Have you ever thought about how hackers steal confidential data like online account credentials or banking details without hacking into your system? This is a very popular way for hackers to steal sensitive information, and hackers are now evolving this technique to trick people.

Almost 62% of companies are facing Social Engineering attacks. Many companies are now working from home. Hackers now trick employees and steal sensitive data using social engineering. In recent times social engineering attacks have increased greatly, and hackers are now adopting new techniques to trick people.

So What Is Social Engineering?

Social engineering is a technique to manipulate people in order to get confidential information. The types of information collected by social engineering can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or to access your computer to secretly install malicious software that will give them access to your passwords and bank information as well as control over your computer. This is a non-technical technique used by hackers to collect sensitive data from a person. Hackers use different social engineering techniques and they keep evolving these techniques. They can get to your data without touching your keyboard or having physical access to your system.

To protect the personal or company system a Cyber Security Professional must think like hackers. They should understand how hackers use Social Engineering attacks to get sensitive data from a person.

Here are the 10 Social Engineering Tips Hackers Used

1. Email From A Friend

People hardly check the genuineness of a mail that comes from a friend or looks like it comes from a friend. Hackers take advantage of this and send malicious links in a mail or ask a user for sensitive information. If a criminal manages to hack or socially engineer one person’s email password, they can easily get access to that person’s contact list. Most people use one password almost everywhere, which makes it easy for hackers to get access to that person’s social networking contacts as well. When hackers get control of the email account, they send emails to everyone on the person’s contact list. These emails contain malicious links or links to phishing websites to collect more sensitive data from the person's contacts. The mail can also contain a download of pictures, music, a movie, or a document that has malicious software embedded. If you download it, which you are likely to do since you think it is from your friend, you become infected by malware. The cyber criminal can then easily access your machine, email account, social network accounts, and contacts, and the attack spreads to everyone you know. And on, and on.

2. Email From A Trusted Source

Hackers send phishing links using social engineering strategies that imitate a trusted source. Hackers use a compelling story or pretext to get sensitive data from a user. A phisher sends an e-mail, IM, comment, or text message that appears to come from a legitimate, popular bank, school, or institution. They present a problem that requires you to “verify” your information by clicking on the displayed link and providing information in their form. The link location may look very legitimate, with all the right logos and content. This type of mail looks like it comes from banks or other financial institutions. Hackers sometimes pose as a boss or coworker. The mail may ask for an update on an important, proprietary project your company is currently working on, for payment information pertaining to a company credit card, or make some other inquiry masquerading as day-to-day business. Hackers typically send this type of mail to employees of a targeted company to steal sensitive information. These mails look legitimate, and hackers can easily get the information they need.

3. Mail From A Trusted Person

In this type of social engineering attack, hackers send mail to the user. The mail looks like it comes from a trusted source, and they copy the official mail id. This type of mail contains phishing links that send the user to a phishing website. Hackers copy the original website and trick users into sharing sensitive information.

4. Baiting Scenarios

Hackers know what kinds of things people want, and they target people accordingly. They offer download links for the latest movies or music. This type of link is also found on social networking sites, on malicious websites people find through search results, and so on. This scheme may show up as an amazingly great deal on classified sites, auction sites, etc. To allay your suspicion, you can see that the seller has a good rating, which belongs to an already planned and crafted profile. People who take this bait get infected by malicious software, and hackers steal sensitive information.

5. Offering Services From Trusted Companies

Hackers offer services like fixing your computer or helping you with a banking service. They pick big companies such as computer service firms or banks. They call people and offer a free service. They will ask you to update software through a link they send you, or to install software so they can fix your computer problem. When the user installs this software, it gives remote access to the hackers. The hackers also tell the user to enter commands or to authenticate them. They use this trick to steal sensitive information and create a backdoor, so they can get access anytime they want.

6. Promotional Offers

Hackers sometimes send users promotional mails that offer great results from a product. They craft the mail so that people will click on the link. This type of link is also found in search results. People readily click this type of link when they get offers. Hackers use this Social Engineering method to trick people.

7. Texting Users

Hackers sometimes trick users by simply sending them text messages. Here’s how the manipulative scheme works. Hackers send the target a text message instructing them to log in to their online account. The message points out that this is required to accept the new terms of service or to confirm that their personal details are up to date. The message emphasizes that it is an urgent matter and that they need to do the task. When the user clicks on the link and types in the credentials, hackers can easily get all the information. They can then easily hack online accounts.

8. Using Fake Email

Hackers first gather information such as the official email id of the company and the mail ids of its employees. Then they send mails to other employees from a copied mail id. In this technique hackers send mail to employees who work at a targeted company in order to get sensitive information from them.

9. Lottery Winning Mail

In this social engineering attack, hackers send people mail about winning a lottery. This mail tricks users into giving up sensitive information. In order to give you your ’winnings’ you have to provide information about your bank account, so they know how to send it to you, or give your address and phone number so they can send the prize, and you may also be asked to prove who you are, often including your identification details. These are the ’greed phishes’ where, even if the story pretext is thin, people want what is offered and fall for it by giving away their information, then having their bank account emptied and identity stolen.

10. Creating Phishing Link Of A Keyword

Hackers create phishing websites for particular keywords. It is really hard to rank for a keyword. But there are many keywords that are actually easy to rank for and have a decent amount of traffic. Hackers take advantage of this and create phishing websites to steal sensitive information from users.


How to write a GDPR data privacy notice in 2020

Category : Blog

How to write a GDPR data privacy notice in 2020

The GDPR (General Data Protection Regulation) gives individuals more control over how their personal data is used.

If your organisation processes personal data, the Regulation requires you to provide data subjects with certain information. This typically takes the form of a data privacy statement or privacy notice.

But what is a data privacy notice, and what should it contain? This post explains everything you need to know.


What is a privacy notice?

 

A GDPR privacy notice is an important way to help your customers make informed decisions about the data you collect and use. We’ve brought together some information from the law itself and from the EU’s guidance documents to help you understand the components of a good privacy notice. And at the bottom, we’ve included a privacy notice template that you can adapt to your own organization.

A privacy notice is a document that organisations give to individuals to explain how their personal data is processed. There are two reasons for doing this. First, it ensures that you’re as transparent as possible with data subjects. This prevents any confusion about the way personal data is being used and ensures a level of trust between the organisation and the individual.

Second, it gives individuals more control over the way their data is collected and used. If there’s something the data subject isn’t happy with, they can query it via a DSAR and potentially ask the organisation to suspend that processing activity.


How to write a privacy notice?

 

1) Contact details

The first thing to include in your privacy notice is the name, address, email address and telephone number of your organisation.

If you’ve appointed a DPO (data protection officer) or EU representative, you should also include their contact details.

 

2) The types of personal data you process

The definition of personal data is a lot broader than you might think.

Ensure you include everything that you’re collecting and do so as specifically as possible.

For example, instead of just saying ‘financial information’, state whether it’s account numbers, credit card numbers, etc.

You should also outline where you obtained the information if it wasn’t provided by the data subject directly.

3) Lawful basis for processing personal data

Under the GDPR, organisations can only process personal data if there is a lawful basis for doing so. Your privacy policy should specify which one you’re relying on for each processing purpose.

Additionally, if you are relying on legitimate interests, you must describe them. If you’re relying on consent, you should state that it can be withdrawn at any time.

4) How you process personal data?

You must explain whether you will be sharing the personal data you collect with any third parties.

We suggest also specifying how you will protect shared data, particularly when the third party is based outside the EU.

5) How long you’ll be keeping their data?

The GDPR states that you can only retain personal data for as long as the legal basis for processing is applicable. In most cases, that will be easy to determine. For example, data processed to fulfill contracts should be stored for as long as the organisation performs the task to which the contract applies.

Likewise, organisations that process data on the grounds of a legal obligation, public task or vital interest should hold on to the data while those processing activities are relevant.

Things are trickier with consent and legitimate interests, as there is no clear point at which they’re no longer valid.

As such, we recommend reviewing any processing that involves these lawful bases at least every two years.

6) Data subject rights

 

The GDPR gives individuals eight data subject rights, which you should list and explain in your privacy notice:

  • Right of access: individuals have the right to request a copy of the information that an organisation holds on them.
  • Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.
  • Right of portability: individuals can request that an organisation transfer any data that it holds on them to another company.
  • Right of rectification: individuals have the right to correct data that is inaccurate or incomplete.
  • Right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data that’s stored on them.
  • Right to restrict processing: individuals can request that an organisation limits the way it uses personal data.
  • Right to be informed: organisations must tell individuals what data of theirs is being collected, how it’s being used, how long it will be kept, and whether it will be shared with any third parties.
  • Rights related to automated decision making including profiling: individuals can ask organisations to provide a copy of their automated processing activities if they believe the data is being processed unlawfully.

You should also remind individuals that they are free to exercise their rights and explain how they can do this.

 

Is a privacy notice the same as a privacy policy?

A privacy notice is a publicly accessible document produced for data subjects. By contrast, a privacy policy is an internal document that explains the organisation’s obligations and practices for meeting the GDPR’s requirements.

Although they cover many of the same topics, privacy notices aren’t to be confused with privacy policies.

 

 

Why you need a privacy notice?


Privacy notices are a legal requirement under the GDPR and ensure that individuals are aware of the way their personal data is processed. However, they can also benefit organisations in several ways.

For one, privacy policies provide documented proof of your data processing activities. This helps you justify your processing if someone lodges a complaint with their supervisory authority.

Privacy policies can also help you win business, as they prove that you take information security seriously.

Writing your privacy notice

In general, privacy policies should be written in the active voice and avoid unnecessary legalese and technical terminology.

This is particularly important when you are processing children’s personal data, as there are many concepts that you’ll have to explain in more detail.

Your privacy policy must be written in clear and simple language that data subjects can easily understand.

Likewise, you should avoid qualifiers such as ‘may’, ‘might’, ‘some’ and ‘often’, as they are purposefully vague. Saying you ‘may’ do something doesn’t help the data subject work out under what circumstances it will happen.

Finally, the policy should be free of charge and easily accessible; don’t hide it in a link at the bottom of a form where few people are likely to see it.

You should instead provide the policy to them in writing or link to it when asking for their personal data.

When should you provide a GDPR privacy notice?

The GDPR explains that data controllers must provide a privacy notice whenever they obtain data subjects’ personal information. The easiest way to provide a privacy notice is to post it on your website and link to it whenever appropriate.

If you don’t have a website, you should make a physical copy of your privacy policy available.

The only times this isn’t necessary are when:

  • The data subject already has the information provided in the privacy notice;
  • It would be impossible or involve a disproportionate effort to provide such information;
  • The organisation is legally obliged to obtain the information; or
  • The personal data must remain confidential, subject to an obligation of professional secrecy.

When an organisation obtains personal information from a third party, it must provide a privacy notice within a month. This should be done the first time the organisation communicates with the data subject or when the personal data is first shared with another recipient.

 

 


Top Data Breaches in February, March & April 2020

Category : Blog

Top Data Breaches in Review: February, March & April 2020

 

Many companies have faced data breaches in recent times. Different sectors, like the IT sector, the Healthcare sector and the Public sector, have reported data breaches.

Storing and using sensitive user data is common practice for companies. These data-storing companies are the favorite target for hackers, and they are now facing more cyber attacks. A major cyber attack also leads to a data breach, where millions of users' data are leaked online. This puts user privacy at risk. Sometimes user data is sold on the dark web or just leaked online.

Many companies face cyber attacks because they don’t maintain their cyber security. Many companies don’t have Cyber Security professionals who can manage their IT security. Small companies are also a favorite target of hackers because they don’t maintain their cyber security. They don’t have any cyber security infrastructure, so they are easy to hack.

In this article we will show the recent data breaches in February, March and April.

 

 

 

Data Breach In February:

Number of data records compromised in february is 632,595,960.I this month many companies data get hacked.The hackers shared their data in web.Some of the biggest data breach are

Estee Lauder (400 million),Tetrad (120 million),Pabbly (51.2 million ),MGM Resorts (10.6 million),Lukid Party (6.54 million).In this month companies faced almost 25 Ransomware attacks,data leaked for Internal Error of 18, and companies faced 24 cyber attacks.The most breached sector is Healthcare which has  22 data breaches.Education sector which has  22 data breaches and public Sector which have 19 data breaches.

Data Breach In March:

The number of data breaches recorded in March is almost 105. The number of data records compromised is 832,486,418. In this month many companies’ data got hacked, and the hackers shared the data on the web. Some of the biggest data breaches are Weibo (538 million), an unknown database of US homeowners (201 million), Antheus Technologies (81.5 million), the Dutch Government (6.9 million) and Prop Tiger (2.1 million). The most breached sectors are healthcare with 16 breaches, education with 11 breaches and the public sector with 9 breaches. This month companies faced 10 ransomware attacks, 6 internal errors and 5 other cyber attacks.

Data Breach In April:

The number of data breaches recorded in March is almost 49. The number of data records compromised is 216,141,421. In this month many companies’ data got hacked, and the hackers shared the data on the web. Some of the biggest data breaches are Zoom (500,000), Email.it (600,000), Quidd (4 million) and Maropost (95 million). The most breached sectors are healthcare with 11 breaches, professional services with 11 breaches and the public sector with 9 breaches. This month companies faced 12 ransomware attacks, 9 internal errors and 19 other cyber attacks.

 


Xiaomi sending user data to its server – A privacy concern for users

Category : Blog


 


 

Xiaomi, one of the most famous mobile manufacturers in India, is sending browsing data to its servers. Xiaomi collects users’ phone habits and the queries they search in Xiaomi’s default browser.

According to a cyber security professional, Xiaomi records all search data and items viewed in its default browser and the Mint browser.

The researcher claims that Xiaomi collects insane amounts of data and that it tracks incognito mode as well.

The researcher confirmed the same behaviour on some other Xiaomi phones, including the Mi 10, Redmi K20, and Mi Mix 3.

After this report Xiaomi responded and confirmed that it collects browsing data. However, it said the data is anonymized and that users have consented to the tracking. It denied the claim that it monitors incognito mode.

But the researcher was able to prove in a video that Xiaomi records incognito mode data as well.

When researchers showed this with proof, Xiaomi said, “collection of anonymous browsing data, is one of the most common solutions adopted by internet companies”.

But the question is whether the information tracked in the browser is really anonymous.

The researcher says the information tracked in the browser is compiled with the phone’s “metadata” collected by Xiaomi, which can easily identify a single person. That means the data sent to the servers can be easily correlated with a specific user.

The researcher also claims that Xiaomi collects data through its official apps. The app data is collected by SensorDataAPI, a startup known for tracking users.

Xiaomi, however, says the data collected by Sensor Analytics remains anonymous and is stored on Xiaomi’s own servers.

In an official blog post, Xiaomi claims the data collection is aggregated and based on user consent.

In 2014 the mobile manufacturer was found sending users’ personal data, including IMEI numbers, phone numbers and text messages, to a web server in China.

This was reported in 2014. A Taiwanese cybersecurity researcher raised this issue in a report. The issue was raised in India, Singapore, and Taiwan.

The cybersecurity researcher also claimed that he had found a zero-day vulnerability in the Xiaomi website, through which he was able to access many Xiaomi users’ data. He also found server logs, Mi account usernames, emails, and passwords of millions of Xiaomi users.

Xiaomi later investigated the data breach and the accusations made by the researcher, and posted a report about the vulnerability he had raised.

They said they had verified that the zero-day data breach allegation made by the security researcher was false. The file containing the information was old data from their website forum. The information became obsolete when they launched the Xiaomi account integrated systems in 2012.

Xiaomi also says they are moving their data center in India due to performance and privacy considerations.

So using a Xiaomi phone is a privacy concern for cyber security experts. Many Internet companies collect users’ data to improve their services and products.

If a data breach happens, the data of a great many users will be exposed. So maintaining cyber security is very important for these companies.

 


Why Cyber security is important during the COVID 19 pandemic


Category : Blog

Why Cybersecurity is important during the COVID 19 pandemic:

 

In this lockdown, many people are working and learning from home. The world is moving online at an unprecedented rate and the cyber attacks also increased for this reason.

Cybercriminals take advantage of this situation and now they try different methods. Phishing and scamming increased in recent times. Many online platforms also face cyber attacks. Hackers now try to hack online apps that are used in online meetings. Many companies now work from home and so there’s a shortage of security. Hackers now take advantage of these situations.

So at this time, cybersecurity is very important. Many companies now work online and it also increases the threat of cyber attacks.

Cybersecurity is very important right now. So companies should be aware of this type of attack.

 

 


 

 

 

Spam Mail : 

At this time many employees are receiving a lot of spam mail. Many email providers have a spam filter that can easily detect spam mail, but some companies use their own mail server.

Those companies should check their mail server security. It will help them protect their mail server from any type of cyber attack.

 

 


 

 

Phishing Attack :

In recent times phishing attacks have increased a great deal. Many people receive phishing links by email. These links sometimes look genuine, and people click on them. The links redirect to websites that host malware or where hackers trick people into giving up sensitive data.

Employees need to check any link that does not come from a trusted source. This type of phishing link can trick people easily.

 

 


 

 

Social Engineering :

This is the most common attack hackers use to steal sensitive data. Hackers use different types of social engineering methods to trick people.

Because many people are under pressure and working remotely, this type of trick can harm companies’ data. So companies should make their employees aware that they must check before sharing any sensitive data.

 

Unencrypted Connection

Sensitive data can be stolen over any unencrypted connection. Companies need to ensure that when employees access company data remotely, their connection is secure and encrypted.

If the connection is not secure, hackers can use a MITM attack to steal sensitive data. So companies should use an encrypted connection.

 

Accessing Third-Party Apps :

Many companies work remotely right now, so they hold their meetings and conferences online. Many companies have their own infrastructure, but many others use third-party apps.

Hackers now try to exploit these apps to break into the system. When companies use third-party apps they must ensure the apps are secure. If they find an app to be vulnerable, they must move to the latest version of the app or find an alternative to it.

These are some security measures you can check to ensure your company’s cybersecurity. You can also use a VAPT service, which can find vulnerabilities in your network, web app, or Android apps.

This type of vulnerability testing is done by industry experts. They can help you find the vulnerabilities in your IT infrastructure, so you can fix them and secure your company against any type of cyber attack.

 


Top 10 Biggest data breach happened in the 21st century


Top 10 Biggest data breach happened in the 21st century :

 

Data breaches are now very common. The 21st century is a data-driven age, and it is common for companies to store and use sensitive user data. These data-storing companies are a favorite target for hackers and now face more cyber attacks.

A major cyber attack can also lead to a data breach in which the data of millions of users is leaked online, putting user privacy at risk. Sometimes user data is sold on the dark web or simply leaked online.

The main reason for data breaches is that companies don’t take cybersecurity seriously. They don’t check and measure their IT security. Hackers always try to find vulnerabilities and hack into their systems. No matter whether the company is small or big, hackers will try to break in to get sensitive data.

Here we will take a look at the Biggest Data Breach in the 21st century.

 


 

Adobe – 

Date: October 2013

In this data breach, 153 million user records were leaked. As reported in early October of 2013 by security blogger Brian Krebs, Adobe originally reported that hackers had stolen nearly 3 million encrypted customer login data and credit card data for an undetermined number of user accounts.

The security researcher reported that a file posted includes more than 150 million usernames and hashed password pairs of Adobe users. Weeks of research showed that the hack had also exposed customer names, IDs, passwords, and debit and credit card information.

eBay – 

Date: May 2014

 

The data of 145 million eBay users was leaked in this data breach. eBay reported that an attack exposed its entire account list of 145 million users in May 2014, including names, addresses, dates of birth and encrypted passwords.

The online auction giant said hackers used the credentials of three corporate employees to access its network and had complete access for 229 days, which is enough time to compromise the user database.

 

MySpace –

Date: May 2016

360 million accounts were affected in this data breach. MySpace was the leading social media platform before the emergence of Facebook, but it was not concerned about its data security, and the company never really took user data seriously. MySpace pages could be hacked, and users could embed whatever content they desired.

An investigation by independent security researchers suggested that the breach occurred sometime in the mid-2000s. In 2016, a Russian hacker going by the nickname Peace put the MySpace data of more than 360 million accounts on sale.

 

Marriott –

Date – November 2018

Marriott is one of the hotel chains whose data were hacked and leaked online. Marriott said in November 2018 that hackers had stolen personal information of more than 500 million guests who had booked rooms or stayed at properties run by its Starwood subsidiary.

The data breach began in 2014, about two years before Marriott acquired Starwood Hotels, and continued through much of 2018. The stolen details included names, street addresses, emails, passport numbers, genders, and dates of birth of more than 500 million customers.

 

Yahoo – 

Date: August 2013

This is by far the biggest data breach in the history of the Internet. In August 2013, unidentified hackers broke into Yahoo servers to steal the data of more than 3 billion users. It means every single account on Yahoo, Tumblr, Flickr, and other Yahoo-owned properties was compromised. But Yahoo reported the security breach only in 2016. The company also revealed that another hack conducted by “a state-sponsored actor” in late 2014 compromised the data of 500 million users. The US government indicted Russian hackers for the 2014 data breach.

 

NetEase –

Date: October 2015

235 million user accounts were leaked in this data breach. NetEase is a provider of mailbox services through the likes of 163.com and 126.com. It was reported that email addresses and plaintext passwords of some 235 million accounts from NetEase customers were being sold by a dark web marketplace vendor known as DoubleFlag. The same vendor was also selling information taken from other Chinese giants such as Tencent’s QQ.com.

This data breach also shows that many companies still don’t use any encryption.

Dubsmash :

Date:  December 2018

162 million user accounts were leaked in this data breach. In December 2018, Dubsmash, the New York-based video messaging service, had 162 million email addresses, usernames, PBKDF2 password hashes, and other personal data such as dates of birth stolen, all of which was then put up for sale on the Dream Market dark web market the following December. The information was being sold as part of a collected dump also including the likes of MyFitnessPal (more on that below), MyHeritage (92 million), ShareThis, Armor Games, and dating app CoffeeMeetsBagel.

LinkedIn :

Date – 2016 

As the major social network for business professionals, LinkedIn has become an attractive place for attackers looking to conduct social engineering attacks. However, it has also fallen victim to leaking user data in the past.

In 2012 the company announced that 6.5 million unassociated passwords (unsalted SHA-1 hashes) were stolen by attackers and posted onto a Russian hacker forum. However, it wasn’t until 2016 that the full extent of the incident was revealed. The same hacker selling MySpace’s data was found to be offering the email addresses and passwords of around 165 million LinkedIn users. LinkedIn acknowledged that it had been made aware of the breach, and said it had reset the passwords of affected accounts.
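The NetEase, Dubsmash and LinkedIn entries above name three ways of storing passwords: plaintext, PBKDF2 hashes and unsalted SHA-1 hashes. The following is an added example, not code from the original article or from any of those companies, showing what a stolen table reveals under each scheme; the user names, passwords, record format and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; alice and bob share a password.
USERS = {"alice": "Summer2020!", "bob": "Summer2020!", "carol": "correct horse"}
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_sha1(password):
    """Unsalted SHA-1: the same password always yields the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as 'salt_hex$digest_hex'."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def shared_values(table):
    """Groups of users whose stored value is identical in a leaked table."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def leak_report():
    """What each storage scheme exposes if the table is stolen."""
    sha1 = {u: unsalted_sha1(p) for u, p in USERS.items()}
    pbkdf2 = {u: pbkdf2_record(p) for u, p in USERS.items()}
    return {
        "plaintext": shared_values(dict(USERS)),
        "unsalted_sha1": shared_values(sha1),
        "salted_pbkdf2": shared_values(pbkdf2),
    }


if __name__ == "__main__":
    for scheme, groups in leak_report().items():
        print(scheme, "-> users with identical stored values:", groups)
```

With plaintext or unsalted SHA-1, identical stored values show which accounts share a password, so one recovered password applies to the whole group. A per-user salt removes that grouping, and the iteration count makes each guess more expensive.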

 

Equifax :

Date: July 2017

147.9 million users were affected in this data breach. Between May and July 2017, hackers broke into credit reporting agency Equifax’s systems to access the data of more than 143 million users. Though Equifax later said that it’s 145 million, security experts put the number of affected users at around 147.9 million.

It is one of the most damaging data breaches in history. However, Equifax didn’t report the breach until September 2017. Hackers managed to get millions of user data, including names, street addresses, driver’s license numbers, birth dates, and even social security numbers. Hackers exploited a vulnerability in the open-source software Apache Struts to access its servers.

 

Facebook :

Date : September 2018

The data of 87 million users was leaked in this data breach. This happened in the Cambridge Analytica scandal, where the data-collecting firm illegally harvested users’ info without their permission. Some security researchers said that this secret operation was politically motivated. And though the breach occurred a couple of years ago, it’s only this year that investigatory conclusions have come out, and they show that 87 million user data were exposed by hackers.

Data breaches are now very common. Even small companies are getting hacked, so companies should secure their IT infrastructure. They can regularly check their IT security and carry out a security audit. Sometimes it is not possible to set up a cyber security team, because of the cost and the difficulty of finding skilled cyber security professionals. In that case they can use a VAPT service for IT security audits. A VAPT (Vulnerability Assessment and Penetration Testing) service helps to find the vulnerabilities in the system, and the company can then fix the problems to protect itself from any type of cyber attack.

